The framework calls for IoT makers to have the ability to fix bugs quickly and reliably via remote updates or other notifications to consumers — or even device replacement, if needed. And that item comes with this caveat: “It is recognized that some embedded devices’ current design may not have this capability and it is recommended such update/upgradability capabilities be clarified to the consumer in advance of purchase.”

Time is another factor with IoT devices. Networked thermostats, garage-door openers, and other in-home devices change hands when the house does, but the former residents could still have access. And what happens after a warranty expires on smart device and there’s a breach, Spiezle says.

“We talk about not just security, privacy, and disclosure of the data that’s collected, but also the lifecycle issues. How do they support [these devices] over time and beyond the warranty,” he says.

The working group plans to finalize a formal IoT framework — which includes some 22 minimum requirements plus a dozen optional additional measures — and program around mid-November, after gathering input from Congress, the White House, Federal Trade Commission, and other entities.

Interestingly, Intel, a company championing IoT, was absent from this working group.

SCOTT (すこっと)

Scott (すこっと) is a cyber security, threat intelligence strategist, and technology evangelist working and living in Tokyo. In addition to his day job, Scott is fascinated by the future of computing, the technology industry, privacy, encryption, mobile apps, politics, & Japan. Scott enjoys taking pictures with his iPhone and sharing them freely online, primarily on Instagram.